I’m facing a CORS issue when trying to hit the logout API (i’m hitting it from a backend handler after being redirected to there from the front end. Im supplying the id token as well. )
I have the base URL set up under trusted origins for redirect as well as CORS, also have the logout url setup under application general settings
The OIDC logout endpoint is not meant to be called from a backend service, it should be redirected to from within the browser.
https://developer.okta.com/docs/guides/sign-users-out/android/before-you-begin/ has more information.
Hi @dzeller thanks for your response!
wouldn’t that involve exposing the id_token in the URL?
Is there a way around doing that?